Let’s turn GDPR into an accelerator for the Digitalization of Industry in Europe

Op-ed by Thierry Breton, Atos Chairman & CEO, and Roland Busch, Chief Operating Officer and Member of the Board of Siemens

The General Data Protection Regulation (GDPR), implemented earlier this year in May, protects European citizen privacy and is perceived as a major milestone that many countries in the world wish to replicate. It requires the explicit consent of individuals to use their personal data – in social networks for instance – but also, and it’s a lesser-known aspect, in industrial applications, in domains such as Health, Smart Meter or Connected Vehicle. These “mixed data” as we call them – both personal and industrial – represent a huge opportunity for the digitalization of Industry, but also challenges that need to be addressed. This is one of the objectives of the strategic alliance Atos and Siemens have created since the beginning of this decade.

The Digitalization of Industry will bring the next wave of growth

The ability to connect industrial hardware and leverage the data generated by them provides ample opportunities to create new business value. Digitalization and smart automation are expected to contribute as much as 14 percent to global GDP gains by 2030, equivalent to about EU14 Trillion in today’s value. To take advantage of this growth and the related job creations, Europe needs to focus on domains in which it already has a strong market position, such as factory/process automation, power generation,the distribution of energy (Smart Grids) and of course the whole mobility sector.

Industrial Digital Platforms can become the new “GAFAM”

Industrial Digital platforms like Siemens’ MindSphere are central for companies to create, share and monetize value from the data they create. By digitalizing the entire value chain for companies of all sizes – including the supply chain – Industrial Digital Platforms have the potential to become the new leaders of the economy of tomorrow. They rely on a major concept, the “Digital Twin”, which can design, simulate, and test sophisticated products in the virtual domain before making the first physical prototype, before setting up production lines and before starting actual production. Once everything works in the virtual world, the results are transferred to the real world. The digital twin combines a collection of new real-time data, including customer feedback for permanent improvements and leads to more flexibility and reduced time to market. These opportunities can only be achieved if all the partners of the ecosystem agree to share selected elements of their industrial data.

Trust and cybersecurity are the two faces of the digitalization coin

Sharing Data demands a reliable basis for trust in a connected and digital world; but creating a holistic basis for trust can’t be achieved by a single company or entity; it must be the result of close collaborations at all levels. People and organizations need to trust that their digital technologies and associated data are safe and secure otherwise they won’t embrace the full potential of digital transformation. Digitalization and cybersecurity must evolve hand in hand. The challenge of “mixed data”

Lack of trust will mean that companies will not be willing to share their industrial data and will therefore miss out on the benefits of Industrie4.0. But it may also mean that individuals who, according to GDPR own the rights to their personal data, will not give consent for their “mixed data” to be used in an industrial context.

This is already the case for smart meter data, where only a small percentage of consumers have given the authorization to upload their usage profiles. Similar challenges may also be experienced with connected and autonomous cars which require owner / driver authorization to exchange data; and with Electronic Health Records where personal data cannot be shared without patient consent. Security may not be compromised in these critical areas.

The necessary clarification of GDPR

While prior consent for sharing personal data is not required in the US or in China, Europe has chosen a more cautious approach prerequiring consent for all kinds of mixed data, with risks of turning out as a threat to European industry digitalization. To preserve both individual privacy and industrial efficiency, we need to define a flexible and secure data framework, including data sovereignty and data usage control. As part of the International Data Space Association, Siemens and Atos have defined data sovereignty as “the capability of a natural person or legal entity for exclusive self-determination with regard to their data goods”. To express easily and efficiently their self-determination on the long term, individuals would need data usage control, a mechanism extending, replacing and supplementing existing contractual and organizational enforcements. For instance, individuals would grant first a general agreement of access control of their data, with fine-grained policies specifying how data is handled afterwards.

This general agreement requires trust. And creating such trust for a secure digital world is exactly why Siemens together with several major technology partners including Atos, initiated the Charter of Trust. It’s the first of its kind and it aims to protect the data of individuals and businesses, to prevent harm to people, businesses and infrastructure and to establish a reliable basis where confidence in a networked, digital world can take root and grow. We do believe together it is time to set up such cybersecurity standards at European and International level, such governance rules for this new world of data, if we want to take benefit of the new digital industrial revolution.